Thank you for your quick response.
But I have a question : How does it work technically ?
I found this troubleshooting guide on the documentation website : https://documentation.meraki.com/MR/Splash_Page/Splash_Page_Traffic_Flow_and_Troubleshooting

It explains all the request made for a Click-through Splash Page with EXCAP.
How setting Captive portal strength to "Block all access until sign-on" and Controller disconnection behavior to 'Restricted" is gonna prevent users to bypass my own splash page and directly hit the "/splash/grant?" webpage ?

PS: I didn't test it for now, maybe it'd work but i don't understand why it would

https://meraki.cisco.com/lib/pdf/meraki_whitepaper_captive_portal.pdf

 

Is that the kind of detail you're looking for?

Hmm not really, this is the basis. The link above have more details about the request made.

But your link is the reason why i have security concern :

 

Once you are prepared to grant access to the user, you must forward certain parameters you can gather from the URL in step 2 above. Specifically, you must forward the user to the following URL:

GET[‘base_grant_url’] + “?continue_url=” + GET[‘user_continue_url’]

Where the following parameters are extracted from the user’s original query or specified by you:

base_grant_url = https://n##.meraki.com/splash/grant

user_continue_url = http://google.com

In the case of the example above the assembled URL would be:

https://n##.meraki.com/splash/grant?continue_url=http://google.com

 

Is it that simple ? No security tokens ? No challenge between your splash page and the meraki granting page ? No way to prove that the user got through your page and filled your form ? I may have missed something...

Ahh, ok maybe you're looking for something more like this diagram. I put this together when I was working on a project where the customer wanted to use a third party analytic company to do an Excap in conjunction with the Scanning API data to do targeted marketing and other nonsense. 

 

Disclaimier, this was just me poking around with WireShark and trying to decipher the OAuth and OpenID specifications... This is not a Meraki doc, and I would be real money I don't have this 100% correct, but I do think it is a good overview of doing this with an Excap. 

 

That's a cool diagram
This case is actually the "Sign-on with my RADIUS server" method, right ? Because you provide data to the Meraki Cloud in order for him to do a RADIUS Request and process the Response.

I'm not using any RADIUS nor LDAP server to authenticate my custormer. In fact, i'm using a private communication service which use SMS.
The idea is that i want my customer to type their phone number. Then, he will receive a code by SMS asked by my page. If the code is correct, he will be redirect to the Meraki granting page where he will have the right to access internet right after. Meraki provide this solution but via Twilio (a paying solution).

I found the only way for me to do it, was to use the "Clickthrough" method. In consequence, I make sure that the client is human and his phone number is correct.

Maybe there is another way for me to do it ?

Other than that unless you use some sort of LDAP twilio would be best bet for SMS.

Thank you for your response guys.
As i understand there is no way to secure a clickthrough custom-hosted splash page...
The only way to make sure that my user filled my form is to go with the RADIUS or LDAP method or with a paying solution like Twilio.